InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘e-mail’

Info Sec News: Nov 18, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 18, 2008

BBC Click on Biometrics

A few weeks ago BBC News Click published How biometrics could change security. The week after, they then published, “The pitfalls of biometric systems“.

Since its somewhat related to physical security, A UK fingerprint developer can read a letter from its envelope.

More news about the keyboard electromagnetic sniffing that was making the news last month:

  • From The Register Swiss boffins sniff passwords from (wired) keyboards 65 feet away
  • From BBC Keyboard sniffers to steal data
  • Video on keyboard sniffing from the very people that did the experiment can be found at COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED KEYBOARDS.

    • The Register gives a tutorial on encrypting e-mails in, “Still sending naked email? Get your protection here“.

    Pretty sad that a UK Anti-Fraud site has crashed due to DDOS attack.

    The popular and free AVG Anti-virus has once again identified a trojan that isn’t one.

    A Vulnerability has also been discovered in the SSH Specification.

    The New York Times reports that Privacy Laws Trip Up Google’s Expansion in Parts of Europe

    The Federation of American Scientists (FAS) Secrecy blog, reports that terrorists can presumably use twitter, instant messaging, etc. The article Spy Fears: Twitter Terrorists, Cell Phone Jihadists by Noah Shachtman on Wired talks about it more.

    If you’re interested on the pdf exploit (also see below in other news), Didier Steven’s Blog, talks about Shoulder Surfing a Malicious PDF Author.

    Other News:

  • Email ruse uses Federal Reserve Bank name to drop PDF exploit
  • Cybercrime expected to ramp during holiday season
  • New attack targeting Windows Mobile phones
  • Apple issues 11 security updates for Safari browser
  • How Outsourced Call Centers Are Costing Millions In Identity Theft
  • Although somewhat unrelated, InfoSec Professionals might also be interested in this article on airport security, The Things He Carried

    • White paper on Designing and implementing malicious hardware presented at the LEET ’08

    White Hat World Webinar on 10 Reasons your Existing SIEM Sucks! This will be held on Thursday, November 20, 2008 4:00 am Philippine time.

    Advertisement

    Posted in ISMS, News | Tagged: , , , , , , , , , , , , , , , , , | Leave a Comment »

    Obama and McCain Campaign Computers Hacked

    Posted by Jaime Raphael Licauco, CISSP, GSEC on November 7, 2008

    Newsweek reports that both the Obama and McCain camps had computers that were hacked. This is apparently also around the time Gov. Palin’s Yahoo account got hacked (details of how the hacker got into Palin’s account are here). SecurityFocus reports on the hack here.

    On a related topic, SCMagazineUS reports that hackers began spreading malware soon after Obama got elected. In the typical bait-and-switch method of social engineering, spam e-mails that were supposed to contain a link to Obama’s “amazing speech” were actually links to trojans.

    New critical vulnerabilities were found for the popular VLC media player. However the Window’s version has not been updated to close the said vulnerabilities. Workarounds can be found in a Heise Security report.

    Heise Security also reports that the BotHunter tool has been updated with the new features listed here. The tool helps network administrators find out if their network has zombie computers.

    There are now more worms that exploit the MS08-67 Critical vulnerability that was reported last month. So if your Windows system uses the “Server” service, you’ll hopefully have it patched soon. For home users that do not need this dis-service, they can easily disable it, by going to services.msc while using their Admin account.

    Posted in News, vulnerability | Tagged: , , , , , , , , , , , , , , , , | Leave a Comment »